/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/**
 * This tests the automatic login to the proxy with password,
 * if the password is stored and the browser is restarted.
 *
 * <copied from="test_authentication.js"/>
 */

Cu.import("resource://testing-common/httpd.js");
Cu.import("resource://gre/modules/NetUtil.jsm");

const FLAG_RETURN_FALSE   = 1 << 0;
const FLAG_WRONG_PASSWORD = 1 << 1;
const FLAG_PREVIOUS_FAILED = 1 << 2;

function AuthPrompt2(proxyFlags, hostFlags) {
  this.proxyCred.flags = proxyFlags;
  this.hostCred.flags = hostFlags;
}
AuthPrompt2.prototype = {
  proxyCred : { user: "proxy", pass: "guest",
      realmExpected: "intern", flags : 0 },
  hostCred : { user: "host", pass: "guest",
      realmExpected: "extern", flags : 0 },

  QueryInterface: function authprompt2_qi(iid) {
    if (iid.equals(Ci.nsISupports) ||
        iid.equals(Ci.nsIAuthPrompt2))
      return this;
    throw Cr.NS_ERROR_NO_INTERFACE;
  },

  promptAuth:
    function ap2_promptAuth(channel, encryptionLevel, authInfo)
  {
    try {

      // never HOST and PROXY set at the same time in prompt
      do_check_eq((authInfo.flags & Ci.nsIAuthInformation.AUTH_HOST) != 0,
          (authInfo.flags & Ci.nsIAuthInformation.AUTH_PROXY) == 0);

      var isProxy = (authInfo.flags & Ci.nsIAuthInformation.AUTH_PROXY) != 0;
      var cred = isProxy ? this.proxyCred : this.hostCred;

      dump("with flags: " +
        ((cred.flags & FLAG_WRONG_PASSWORD) !=0 ? "wrong password" : "")+" "+
        ((cred.flags & FLAG_PREVIOUS_FAILED) !=0 ? "previous failed" : "")+" "+
        ((cred.flags & FLAG_RETURN_FALSE) !=0 ? "return false" : "")  + "\n");

      // PROXY properly set by necko (checked using realm)
      do_check_eq(cred.realmExpected, authInfo.realm);

      // PREVIOUS_FAILED properly set by necko
      do_check_eq((cred.flags & FLAG_PREVIOUS_FAILED) != 0,
          (authInfo.flags & Ci.nsIAuthInformation.PREVIOUS_FAILED) != 0);

      if (cred.flags & FLAG_RETURN_FALSE)
      {
        cred.flags |= FLAG_PREVIOUS_FAILED;
        cred.flags &= ~FLAG_RETURN_FALSE;
        return false;
      }

      authInfo.username = cred.user;
      if (cred.flags & FLAG_WRONG_PASSWORD) {
        authInfo.password = cred.pass + ".wrong";
        cred.flags |= FLAG_PREVIOUS_FAILED;
        // Now clear the flag to avoid an infinite loop
        cred.flags &= ~FLAG_WRONG_PASSWORD;
      } else {
        authInfo.password = cred.pass;
        cred.flags &= ~FLAG_PREVIOUS_FAILED;
      }
      return true;

    } catch (e) { do_throw(e); }
  },

  asyncPromptAuth:
    function ap2_async(channel, callback, context, encryptionLevel, authInfo)
  {
    try {
      var me = this;
      var allOverAndDead = false;
      do_execute_soon(function() {
        try {
          if (allOverAndDead)
            throw "already canceled";
          var ret = me.promptAuth(channel, encryptionLevel, authInfo);
          if (!ret)
            callback.onAuthCancelled(context, true);
          else
            callback.onAuthAvailable(context, authInfo);
          allOverAndDead = true;
        } catch (e) { do_throw(e); }
      });
      return new Cancelable(function() {
          if (allOverAndDead)
            throw "can't cancel, already ran";
          callback.onAuthAvailable(context, authInfo);
          allOverAndDead = true;
        });
    } catch (e) { do_throw(e); }
  }
};

function Cancelable(onCancelFunc) {
  this.onCancelFunc = onCancelFunc;
}
Cancelable.prototype = {
  QueryInterface: function cancelable_qi(iid) {
    if (iid.equals(Ci.nsISupports) ||
        iid.equals(Ci.nsICancelable))
      return this;
    throw Cr.NS_ERROR_NO_INTERFACE;
  },
  cancel: function cancel() {
    try {
      this.onCancelFunc();
    } catch (e) { do_throw(e); }
  }
};

function Requestor(proxyFlags, hostFlags) {
  this.proxyFlags = proxyFlags;
  this.hostFlags = hostFlags;
}
Requestor.prototype = {
  QueryInterface: function requestor_qi(iid) {
    if (iid.equals(Ci.nsISupports) ||
        iid.equals(Ci.nsIInterfaceRequestor))
      return this;
    throw Cr.NS_ERROR_NO_INTERFACE;
  },

  getInterface: function requestor_gi(iid) {
    if (iid.equals(Ci.nsIAuthPrompt)) {
      dump("authprompt1 not implemented\n");
      throw Cr.NS_ERROR_NO_INTERFACE;
    }
    if (iid.equals(Ci.nsIAuthPrompt2)) {
      try {
        // Allow the prompt to store state by caching it here
        if (!this.prompt2)
          this.prompt2 = new AuthPrompt2(this.proxyFlags, this.hostFlags);
        return this.prompt2;
      } catch (e) { do_throw(e); }
    }
    throw Cr.NS_ERROR_NO_INTERFACE;
  },

  prompt2: null
};

var listener = {
  expectedCode: -1, // uninitialized

  onStartRequest: function test_onStartR(request, ctx) {
    try {
      // Proxy auth cancellation return failures to avoid spoofing
      if (!Components.isSuccessCode(request.status) &&
          (this.expectedCode != 407))
        do_throw("Channel should have a success code!");

      if (!(request instanceof Ci.nsIHttpChannel))
        do_throw("Expecting an HTTP channel");

      do_check_eq(this.expectedCode, request.responseStatus);
      // If we expect 200, the request should have succeeded
      do_check_eq(this.expectedCode == 200, request.requestSucceeded);

      var cookie = "";
      try {
        cookie = request.getRequestHeader("Cookie");
      } catch (e) { }
      do_check_eq(cookie, "");

    } catch (e) {
      do_throw("Unexpected exception: " + e);
    }

    throw Cr.NS_ERROR_ABORT;
  },

  onDataAvailable: function test_ODA() {
    do_throw("Should not get any data!");
  },

  onStopRequest: function test_onStopR(request, ctx, status) {
    do_check_eq(status, Cr.NS_ERROR_ABORT);

    if (current_test < (tests.length - 1)) {
      // First, need to clear the auth cache
      Cc["@mozilla.org/network/http-auth-manager;1"]
            .getService(Ci.nsIHttpAuthManager)
            .clearAll();

      current_test++;
      tests[current_test]();
    } else {
      do_test_pending();
      httpserv.stop(do_test_finished);
    }

    do_test_finished();
  }
};

function makeChan(url) {
  if (!url)
    url = "http://somesite/";

  return NetUtil.newChannel({uri: url, loadUsingSystemPrincipal: true})
                .QueryInterface(Ci.nsIHttpChannel);
}

var current_test = 0;
var httpserv = null;

function run_test() {
  httpserv = new HttpServer();
  httpserv.registerPathHandler("/", proxyAuthHandler);
  httpserv.identity.add("http", "somesite", 80);
  httpserv.start(-1);

  const prefs = Cc["@mozilla.org/preferences-service;1"]
                         .getService(Ci.nsIPrefBranch);
  prefs.setCharPref("network.proxy.http", "localhost");
  prefs.setIntPref("network.proxy.http_port", httpserv.identity.primaryPort);
  prefs.setCharPref("network.proxy.no_proxies_on", "");
  prefs.setIntPref("network.proxy.type", 1);

  // Turn off the authentication dialog blocking for this test.
  prefs.setIntPref("network.auth.subresource-http-auth-allow", 2);

  tests[current_test]();
}

function test_proxy_returnfalse() {
  dump("\ntest: proxy returnfalse\n");
  var chan = makeChan();
  chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 0);
  listener.expectedCode = 407; // Proxy Unauthorized
  chan.asyncOpen2(listener);

  do_test_pending();
}

function test_proxy_wrongpw() {
  dump("\ntest: proxy wrongpw\n");
  var chan = makeChan();
  chan.notificationCallbacks = new Requestor(FLAG_WRONG_PASSWORD, 0);
  listener.expectedCode = 200; // Eventually OK
  chan.asyncOpen2(listener);
  do_test_pending();
}

function test_all_ok() {
  dump("\ntest: all ok\n");
  var chan = makeChan();
  chan.notificationCallbacks = new Requestor(0, 0);
  listener.expectedCode = 200; // OK
  chan.asyncOpen2(listener);
  do_test_pending();
}

function test_proxy_407_cookie() {
  var chan = makeChan();
  chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 0);
  chan.setRequestHeader("X-Set-407-Cookie", "1", false);
  listener.expectedCode = 407; // Proxy Unauthorized
  chan.asyncOpen2(listener);

  do_test_pending();
}

function test_proxy_200_cookie() {
  var chan = makeChan();
  chan.notificationCallbacks = new Requestor(0, 0);
  chan.setRequestHeader("X-Set-407-Cookie", "1", false);
  listener.expectedCode = 200; // OK
  chan.asyncOpen2(listener);
  do_test_pending();
}

function test_host_returnfalse() {
  dump("\ntest: host returnfalse\n");
  var chan = makeChan();
  chan.notificationCallbacks = new Requestor(0, FLAG_RETURN_FALSE);
  listener.expectedCode = 401; // Host Unauthorized
  chan.asyncOpen2(listener);

  do_test_pending();
}

function test_host_wrongpw() {
  dump("\ntest: host wrongpw\n");
  var chan = makeChan();
  chan.notificationCallbacks = new Requestor(0, FLAG_WRONG_PASSWORD);
  listener.expectedCode = 200; // Eventually OK
  chan.asyncOpen2(listener);
  do_test_pending();
}

function test_proxy_wrongpw_host_wrongpw() {
  dump("\ntest: proxy wrongpw, host wrongpw\n");
  var chan = makeChan();
  chan.notificationCallbacks =
      new Requestor(FLAG_WRONG_PASSWORD, FLAG_WRONG_PASSWORD);
  listener.expectedCode = 200; // OK
  chan.asyncOpen2(listener);
  do_test_pending();
}

function test_proxy_wrongpw_host_returnfalse() {
  dump("\ntest: proxy wrongpw, host return false\n");
  var chan = makeChan();
  chan.notificationCallbacks =
      new Requestor(FLAG_WRONG_PASSWORD, FLAG_RETURN_FALSE);
  listener.expectedCode = 401; // Host Unauthorized
  chan.asyncOpen2(listener);
  do_test_pending();
}

var tests = [test_proxy_returnfalse, test_proxy_wrongpw, test_all_ok,
        test_proxy_407_cookie, test_proxy_200_cookie,
        test_host_returnfalse, test_host_wrongpw,
        test_proxy_wrongpw_host_wrongpw, test_proxy_wrongpw_host_returnfalse];


// PATH HANDLERS

// Proxy
function proxyAuthHandler(metadata, response) {
  try {
    var realm = "intern";
    // btoa("proxy:guest"), but that function is not available here
    var expectedHeader = "Basic cHJveHk6Z3Vlc3Q=";

    var body;
    if (metadata.hasHeader("Proxy-Authorization") &&
        metadata.getHeader("Proxy-Authorization") == expectedHeader)
    {
      dump("proxy password ok\n");
      response.setHeader("Proxy-Authenticate",
          'Basic realm="' + realm + '"', false);

      hostAuthHandler(metadata, response);
    }
    else
    {
      dump("proxy password required\n");
      response.setStatusLine(metadata.httpVersion, 407,
          "Unauthorized by HTTP proxy");
      response.setHeader("Proxy-Authenticate",
          'Basic realm="' + realm + '"', false);
      if (metadata.hasHeader("X-Set-407-Cookie")) {
          response.setHeader("Set-Cookie", "chewy", false);
      }
      body = "failed";
      response.bodyOutputStream.write(body, body.length);
    }
  } catch (e) { do_throw(e); }
}

// Host /auth
function hostAuthHandler(metadata, response) {
  try {
    var realm = "extern";
    // btoa("host:guest"), but that function is not available here
    var expectedHeader = "Basic aG9zdDpndWVzdA==";

    var body;
    if (metadata.hasHeader("Authorization") &&
        metadata.getHeader("Authorization") == expectedHeader)
    {
      dump("host password ok\n");
      response.setStatusLine(metadata.httpVersion, 200,
          "OK, authorized for host");
      response.setHeader("WWW-Authenticate",
          'Basic realm="' + realm + '"', false);
      body = "success";
    }
    else
    {
      dump("host password required\n");
      response.setStatusLine(metadata.httpVersion, 401,
          "Unauthorized by HTTP server host");
      response.setHeader("WWW-Authenticate",
          'Basic realm="' + realm + '"', false);
      body = "failed";
    }
    response.bodyOutputStream.write(body, body.length);
  } catch (e) { do_throw(e); }
}